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CLAIMS 



What is claimed is: 




rich a plurality of instruction sets for packet processing 



An apparatus for processing data packets, comprising: 
a first data processing unit adapted to filter incoming packets; 
an addressable memory unit in v$ 
are stored; 

a second data processing unit adapted to process incoming packets according to one of 
said plurality of instruction sets; and 

a data bus connecting the addressable memory unit and the first and second data 
processing units. 
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1 2. The apparatus of claim 1 ? fuijther comprising a policy condition table connected to said 

2 first data processing unit, said polic^ condition table having a plurality of rules stored therein. 



1 3. The apparatus of claim 1, further comprising a policy action table connected to said data 

2 bus and said addressable memory fmit, wherein said policy action table stores at least one data 

3 processing policy. 
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4. The apparatus of claim 3,/wherein at least one of said policies comprises: 

a first address pointer elynent for identifying the location in said addressable memory 

unit of one of said plurality of instruction sets, and 

a second address pointei element for identifying the location in said addressable memory 

unit of a state block. 



1 5. The apparatus of claim! 3, wherein said first data processing unit assigns a thread to each 
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2 said incoming packet, wherein said thread corresponds to one of said policies stored in said 

3 policy action table. 



UT 



6. The apparatus of claim i, wherein said first data processing unit comprises logic for 
matching a first incoming packet to a stored first rule and for generating a first thread if the first 



incoming packet matches saic 
least one data processing polic 



7. The apparatus of claim 
the first incoming packet accordin 
thread. 



8 



irst rule, said first thread identifying the location of one of said at 
es in said policy action table. 



6, wherein said second data processing unit is adapted to process 
ing to said data processing policy corresponding to said first 



The apparatus of claim 6, wherein said data processing policy comprises a first address 

pointer to a starting address Lf a first set of instructions and a second address pointer to a starting 

3 / 

3 address of a state block stored in said addressable memory unit, said state block used by said first 

~ 4 set of instructions for processing the first incoming packet. 



1 9. The apparatus of claim 6, wherein said thread is assigned to said first incoming packet 

2 based on said first rule. 



1 10. The apparatus of claim 6, wherein said first processing unit further comprises logic for 

j 

2 matching a second incoming packet to a stored second rule and for generating a second thread if 

3 the second incoming packet matches the second rule, said second thread identifying the location 

4 of one of said at least one data processing policy in said policy action table. 



1 11. The apparatus of claim 1 0, wherein said second data processing unit is adapted to process 
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2 the second incoming packet according to said data processing policy corresponding to said 

3 second thread. 



1 12. The apparatus of claim 

2 incoming packet based on said 



0, wherein said second thread is assigned to said second 
second rule. 



1 13. The apparatus of claim 1 , wherein said first processing unit further comprises logic for 

2 matching a plurality of incoming packets to a stored corresponding plurality of rules and for 

3 generating a thread for each packet that matches one of said plurality of rules, each said thread 

4 identifying the location of one of said at least one data processing policy in said policy action 

5 table. 



1 14. The apparatus of claim 1 3, wherein the second data processing unit is adapted to process 

2 each packet according to sqfid data processing policy corresponding to said thread associated with 

3 » said packet. 



3 1 15. The apparatus of claim 13, further comprising a memory unit connected to said first data 

m / 

O 2 processing unit and to said second data processing unit, said memory unit adapted to temporarily 

O 

3 store packets before processing by said second data processing unit. 



1 1 6. The apparatus of claim 1 , wherein said second data processing unit comprises a plurality 

2 of general purpose processors for executing instructions in parallel. 

1 1 7. The apparatus of claim 1 6, wherein at least one said general purpose processor comprises 

2 a complex instruction set computer processor. 
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1 18. The apparatus of claim 16, wherein at least one said general purpose processor comprises 

2 a reduced instruction set co nputer processor. 

1 19. A method for processing data packets, comprising: 

2 receiving a first incoming packet; 

3 determining whether to admit the first incoming packet; 

4 assigning a first thread to the first incoming packet if said first incoming packet is 

5 admitted, wherein said first thread points to a stored policy; and 

6 processing the first incoming packet according to said stored policy. 
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u3 l 20. The method of claim 19, wherein said stored policy comprises a first address pointer 

fr= / 

B 2 pointing to the location of a first set of instructions, and wherein said processing step utilizes said 
2 3 first set of instructions to process said first incoming packet. 

21 . The method of claim 20, wherein said stored policy further comprises a second address 

2 pointer pointing to the location of a state block, and wherein said processing step utilizes said 

3 state block to process the first incoming packet. 

22. The method of claim 19, further comprising the step of storing at least one policy in a 
policy action table. 
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1 23. 



The meth'od of claim 22, further comprising the step of updating said policy action table. 



1 24. The metjhod of claim 19, wherein said determining step further comprises searching a 

2 policy condition table for a rule corresponding to the contents of the first incoming packet. 

1 25. The mfethod of claim 19, further comprising the step of placing the first incoming packet 

2 in a processing queue after said assigning step and before said processing step. 
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A method for processing data packets, comprising: 



packet; qJ 



receiving a 

comparing the picket to one or more stored rules; and 
discarding the packet unless the packet matches a rule allowing the packet to be admitted. 
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